Open Source Indemnification: More Harm than Good

Since SCO filed its lawsuit against IBM several years ago, a number of vendors have stepped forward to indemnify their customers from suit if the customer becomes embroiled in any litigation involving open source software that the vendor distributed.

Novell, who had already provided protection to its customers, took indemnification to the next level recently with its deal with Microsoft. The Microsoft-Novell partnership has both vendors paying for patent licenses and agreeing not to sue one another’s customers. Everyone, conventional wisdom is saying, is fair game (see My Enemy, My Partner: The Microsoft-Novell Alliance).

The week before that, Larry Ellison dredged up the SCO trail from the mists of history to announce that his company would indemnify Unbreakable Linux 2.0 customers. (see The Oracle Effect)

Naturally, Red Hat had to respond.

While Red Hat already had an Open Source Assurance program in place to protect its customers, last week they added indemnification from “intellectual property infringement claims.” Indemnification is the new “Go”" button.

Several years ago, when the Firefox web browser was still young, I remember reading a software review in a well-respected publication that found the browser unfit for general users. At the top of the (very short) list of reasons? No “Go” button to the right of the URL input box.

Yes, the “Go” button. That amazing feature that almost no one with any sense actually uses. The one that sits next to the box where a global community of non-technical users type “http://” and “www.” incantations. Because it had come to be expected, Firefox immediately added the button.

And so too is the case with Linux indemnification. A vendor must add it or risk looking like it’s not offering a complete package.

The “Go” button might not be terribly useful, but it doesn’t cause any harm either. Neither is indemnification useful, but it has the added effect of implying an active threat against the customers of open source software.

The Microsoft-Novell agreement is a perfect example of this. Microsoft is now openly admitting that Linux is a respected part of IT infrastructure, found almost everywhere. Microsoft’s customers are Novell’s customers and vice versa. To offer that same customer base protection would imply that they would go after them at the drop of a hat. And that’s simply not going to happen. Successful companies don’t sue their customers.

When the SCO case first broke, Jim Stallings, then IBM’s general manager for Linux, speaking at LinuxWorld said, “The claims that have been alleged [by SCO] against IBM [have] no basis, so indemnification is not needed.”

Indemnification is not needed.

I think that statement needs a “Go” button attached to it so, it too, will be fit for end-user consumption.